1. Field of the Invention
The invention relates to the field of identification technology, as is used for security and data storage media systems, for example. It relates particularly to a system and a method for producing user media in an identification system.
2. Description of Related Art
Identification systems (often the term “authentication system” would be more correct) are used for different applications such as access control (in what are known as ‘online’ systems, in which an object for which access is being controlled is in contact with a central unit, and in ‘offline’ systems, in which this is not the case), prepaid card systems, data acquisition systems, etc.
Usually, the identification systems have user media—for example “Smart Cards”—which are provided with a data memory which stores a suitable electronic key. In application, data interchange takes place—usually without physical contact—with a read and/or write device, wherein the electronic key is used to perform an authentication process and the desired action—for example the release of an object, the purchase of an item or service, the writing of a piece of information to the user medium, etc.—is performed successfully only if the electronic key is established to be correct in the read and/or write device or possibly in the user medium, or the result of a computation operation on the basis of the key produces a desired value.
A frequently chosen approach is for a common electronic key to be stored on all user media and for the electronic key to be known to all read and/or write devices in a system. This is a good solution for small, straightforward systems. However, it makes no sense in larger systems, because if a medium or the key is lost and (possibly) reaches an unauthorized person, all elements of the system need to be reprogrammed with a new key.
An alternative approach is to provide what is known as a “Site Key” or “Master Key” which is used as a basis for calculating the electronic keys. The electronic keys for the various media differ from each other; only the ‘Master Key’ is common. The ‘Master Key’ is never used for identification, and it cannot be calculated from the keys.
This alternative approach means that, in the event of loss of a medium, not all elements of the system have to be reprogrammed, but rather only particular applications which are affected by the loss. However, some significant drawbacks remain as user media are generally initialized, and have information written to them, by a computer which must contain the master key. This is a security risk because the whole system is endangered if the master key is copied. For this reason, media in such systems are issued by central certification offices—for example provided by the vendor of the entire identification system—and these central certification offices never issue the master key. Although satisfactory security devices at the central certification offices warrant the required security to a certain extent, the procurement of new media is complicated and—as a result of the involvement of the central certification office—also expensive. Furthermore, there is always the residual risk of abuse by persons working at the certification office.
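The master-key approach described above can be sketched as follows. This is an added example, not taken from the patent or the cited prior art. Assumptions: HMAC-SHA256 stands in for the unspecified one-way derivation, the reader re-derives each medium's key from the master key and keeps a revocation list, and all names, keys and UIDs are hypothetical or constructed.

```python
import hashlib
import hmac
import os

def derive_medium_key(master_key: bytes, medium_uid: bytes) -> bytes:
    """Diversified key for one medium: one-way function of master key and UID."""
    return hmac.new(master_key, b"medium-key|" + medium_uid, hashlib.sha256).digest()

def medium_respond(medium_key: bytes, challenge: bytes) -> bytes:
    """Runs on the user medium, which stores only its own derived key."""
    return hmac.new(medium_key, challenge, hashlib.sha256).digest()

class Reader:
    """Read/write device (assumed design): holds the master key and revoked UIDs."""
    def __init__(self, master_key: bytes):
        self._master_key = master_key
        self.revoked = set()

    def authenticate(self, medium_uid: bytes, respond) -> bool:
        if medium_uid in self.revoked:
            return False
        challenge = os.urandom(16)  # fresh per attempt, so a recorded response is useless
        key = derive_medium_key(self._master_key, medium_uid)
        return hmac.compare_digest(medium_respond(key, challenge), respond(challenge))

def demo() -> dict:
    master = bytes(range(32))                                # constructed master key
    uid_a, uid_b = b"\x04\xa1\x00\x01", b"\x04\xa1\x00\x02"  # constructed UIDs
    # Issuing step: whoever runs this must hold the master key, which is the
    # risk the text describes for the initializing computer.
    key_a = derive_medium_key(master, uid_a)
    key_b = derive_medium_key(master, uid_b)
    reader = Reader(master)
    results = {
        "keys_differ": key_a != key_b,
        "a_ok": reader.authenticate(uid_a, lambda c: medium_respond(key_a, c)),
        # A key copied from medium A does not authenticate under medium B's UID.
        "a_key_as_b": reader.authenticate(uid_b, lambda c: medium_respond(key_a, c)),
    }
    reader.revoked.add(uid_a)  # medium A reported lost: only its UID is blocked
    results["a_after_revoke"] = reader.authenticate(uid_a, lambda c: medium_respond(key_a, c))
    results["b_after_revoke"] = reader.authenticate(uid_b, lambda c: medium_respond(key_b, c))
    return results

if __name__ == "__main__":
    print(demo())
```

Losing medium A leaves medium B and the master key untouched, whereas a copy of the master key would let anyone run the issuing step for any UID.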
A system with a central certification office for applications in the banking sector or the like is described in U.S. Pat. Nos. 4,811,393 and 4,910,773, for example. In accordance with this teaching, ‘User Cards’ (user media) are provided which are also in the form of security modules whose memory can be accessed only by the dedicated module processor, for example. The user media are used to store a derived key (diversified key) which has been determined from a base key. This system also requires a central certification office and is furthermore costly because all user media need to be designed in hardware as security modules with appropriate processors and data memories.